diff --git a/docs/docs-content/security-bulletins/reports/cve-2005-2541.md b/docs/docs-content/security-bulletins/reports/cve-2005-2541.md new file mode 100644 index 0000000000..f2c9c21ac5 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2005-2541.md @@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2005-2541" +title: "CVE-2005-2541" +description: "Lifecycle of CVE-2005-2541" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2005-2541](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote +attackers to gain privileges. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor. + +## CVE Severity + +[10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2012-2663.md b/docs/docs-content/security-bulletins/reports/cve-2012-2663.md new file mode 100644 index 0000000000..0db0fbedd5 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2012-2663.md 
@@ -0,0 +1,44 @@ +--- +sidebar_label: "CVE-2012-2663" +title: "CVE-2012-2663" +description: "Lifecycle of CVE-2012-2663" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2012-2663](https://nvd.nist.gov/vuln/detail/CVE-2012-2663) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow +remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this +issue less relevant. + +## Our Official Summary + +Spectro Cloud Offical Summary Coming Soon + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2012-2663) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2015-20107.md b/docs/docs-content/security-bulletins/reports/cve-2015-20107.md new file mode 100644 index 0000000000..9b989b131c --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2015-20107.md 
@@ -0,0 +1,45 @@ +--- +sidebar_label: "CVE-2015-20107" +title: "CVE-2015-20107" +description: "Lifecycle of CVE-2015-20107" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the +system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch +with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to +3.7, 3.8, 3.9 + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[7.6](https://nvd.nist.gov/vuln/detail/CVE-2015-20107) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2016-1585.md b/docs/docs-content/security-bulletins/reports/cve-2016-1585.md new file mode 100644 index 0000000000..673d71bc3e --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2016-1585.md 
@@ -0,0 +1,42 @@ +--- +sidebar_label: "CVE-2016-1585" +title: "CVE-2016-1585" +description: "Lifecycle of CVE-2016-1585" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2016-1585](https://nvd.nist.gov/vuln/detail/CVE-2016-1585) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +In all versions of AppArmor mount rules are accidentally widened when compiled. + +## Our Official Summary + +Spectro Cloud Official Summary coming soon. + +## CVE Severity + +[9.8](https://nvd.nist.gov/vuln/detail/CVE-2016-1585) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2016-20013.md b/docs/docs-content/security-bulletins/reports/cve-2016-20013.md new file mode 100644 index 0000000000..8b566d50f6 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2016-20013.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2016-20013" +title: "CVE-2016-20013" +description: "Lifecycle of CVE-2016-20013" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2016-20013](https://nvd.nist.gov/vuln/detail/CVE-2016-20013) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the +algorithm's runtime is proportional to the square of the length of the password. + +## Our Official Summary + +Spectro Cloud Offical Summary Coming Soon + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2016-20013) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2017-11164.md b/docs/docs-content/security-bulletins/reports/cve-2017-11164.md new file mode 100644 index 0000000000..efc35ee118 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2017-11164.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2017-11164" +title: "CVE-2017-11164" +description: "Lifecycle of CVE-2017-11164" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2017-11164](https://nvd.nist.gov/vuln/detail/CVE-2017-11164) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled +recursion) when processing a crafted regular expression. + +## Our Official Summary + +Spectro Cloud Offical Summary Coming Soon + +## CVE Severity + +[7.8](https://nvd.nist.gov/vuln/detail/CVE-2017-11164) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-20225.md b/docs/docs-content/security-bulletins/reports/cve-2018-20225.md new file mode 100644 index 0000000000..12158d6018 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2018-20225.md 
@@ -0,0 +1,46 @@ +--- +sidebar_label: "CVE-2018-20225" +title: "CVE-2018-20225" +description: "Lifecycle of CVE-2018-20225" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2018-20225](https://nvd.nist.gov/vuln/detail/CVE-2018-20225) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if +the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url +option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can +put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality +and the user is responsible for using --extra-index-url securely + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[7.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20225) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-20657.md b/docs/docs-content/security-bulletins/reports/cve-2018-20657.md new file mode 100644 index 0000000000..5891d14d93 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2018-20657.md 
@@ -0,0 +1,44 @@ +--- +sidebar_label: "CVE-2018-20657" +title: "CVE-2018-20657" +description: "Lifecycle of CVE-2018-20657" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2018-20657](https://nvd.nist.gov/vuln/detail/CVE-2018-20657) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak +via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue +to CVE-2018-12698. + +## Our Official Summary + +Waiting on a fix from third party mongodb & calico vendors + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20657) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-20796.md b/docs/docs-content/security-bulletins/reports/cve-2018-20796.md new file mode 100644 index 0000000000..9d47f8b355 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2018-20796.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2018-20796" +title: "CVE-2018-20796" +description: "Lifecycle of CVE-2018-20796" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled +Recursion, as demonstrated by '(\\227|)(\\1\\1|t1|\\\\2537)+' in grep. + +## Our Official Summary + +Spectro Cloud’s Official Summary Coming Soon + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-20839.md b/docs/docs-content/security-bulletins/reports/cve-2018-20839.md new file mode 100644 index 0000000000..8ea68c7d1f --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2018-20839.md 
@@ -0,0 +1,44 @@ +--- +sidebar_label: "CVE-2018-20839" +title: "CVE-2018-20839" +description: "Lifecycle of CVE-2018-20839" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2018-20839](https://nvd.nist.gov/vuln/detail/CVE-2018-20839) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +Systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain +circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka +current keyboard mode) check is mishandled. + +## Our Official Summary + +Waiting on a fix from third party mongodb & calico vendors. + +## CVE Severity + +[9.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20839) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-1010022.md b/docs/docs-content/security-bulletins/reports/cve-2019-1010022.md new file mode 100644 index 0000000000..26553e9141 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2019-1010022.md 
@@ -0,0 +1,44 @@ +--- +sidebar_label: "CVE-2019-1010022" +title: "CVE-2019-1010022" +description: "Lifecycle of CVE-2019-1010022" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2019-1010022](https://nvd.nist.gov/vuln/detail/CVE-2019-1010022) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The +component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability +to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor. + +## CVE Severity + +[9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-1010022) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-12900.md b/docs/docs-content/security-bulletins/reports/cve-2019-12900.md new file mode 100644 index 0000000000..929e888595 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2019-12900.md 
@@ -0,0 +1,42 @@ +--- +sidebar_label: "CVE-2019-12900" +title: "CVE-2019-12900" +description: "Lifecycle of CVE-2019-12900" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2019-12900](https://nvd.nist.gov/vuln/detail/CVE-2019-12900) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. + +## Our Official Summary + +Waiting on a fix from third party mongodb & calico vendors. + +## CVE Severity + +[9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-12900) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-17543.md b/docs/docs-content/security-bulletins/reports/cve-2019-17543.md new file mode 100644 index 0000000000..89c2a37526 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2019-17543.md 
@@ -0,0 +1,44 @@ +--- +sidebar_label: "CVE-2019-17543" +title: "CVE-2019-17543" +description: "Lifecycle of CVE-2019-17543" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2019-17543](https://nvd.nist.gov/vuln/detail/CVE-2019-17543) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting +applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the +vendor states "only a few specific / uncommon usages of the API are at risk." + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[8.1](https://nvd.nist.gov/vuln/detail/CVE-2019-17543) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-19244.md b/docs/docs-content/security-bulletins/reports/cve-2019-19244.md new file mode 100644 index 0000000000..50c761ad5e --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2019-19244.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2019-19244" +title: "CVE-2019-19244" +description: "Lifecycle of CVE-2019-19244" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2019-19244](https://nvd.nist.gov/vuln/detail/CVE-2019-19244) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +Sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and +also has certain ORDER BY usage. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor. + +## CVE Severity + +[8.1](https://nvd.nist.gov/vuln/detail/CVE-2019-19244) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9192.md b/docs/docs-content/security-bulletins/reports/cve-2019-9192.md new file mode 100644 index 0000000000..6578a22f96 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2019-9192.md 
@@ -0,0 +1,44 @@ +--- +sidebar_label: "CVE-2019-9192" +title: "CVE-2019-9192" +description: "Lifecycle of CVE-2019-9192" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2019-9192](https://nvd.nist.gov/vuln/detail/CVE-2019-9192) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled +Recursion, as demonstrated by '(|)(\\1\\1)\*' in grep, a different issue than CVE-2018-20796. NOTE: the software +maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern + +## Our Official Summary + +Spectro Cloud official summary coming + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9192) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9674.md b/docs/docs-content/security-bulletins/reports/cve-2019-9674.md new file mode 100644 index 0000000000..4c03596a7b --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2019-9674.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2019-9674" +title: "CVE-2019-9674" +description: "Lifecycle of CVE-2019-9674" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2019-9674](https://nvd.nist.gov/vuln/detail/CVE-2019-9674) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a +ZIP bomb. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9674) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9923.md b/docs/docs-content/security-bulletins/reports/cve-2019-9923.md new file mode 100644 index 0000000000..ec98302244 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2019-9923.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2019-9923" +title: "CVE-2019-9923" +description: "Lifecycle of CVE-2019-9923" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2019-9923](https://nvd.nist.gov/vuln/detail/CVE-2019-9923) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +Pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that +have malformed extended headers. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor. + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9923) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9936.md b/docs/docs-content/security-bulletins/reports/cve-2019-9936.md new file mode 100644 index 0000000000..86a20eaafa --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2019-9936.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2019-9936" +title: "CVE-2019-9936" +description: "Lifecycle of CVE-2019-9936" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2019-9936](https://nvd.nist.gov/vuln/detail/CVE-2019-9936) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in +fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor. + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9936) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9937.md b/docs/docs-content/security-bulletins/reports/cve-2019-9937.md new file mode 100644 index 0000000000..3edc0a49ae --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2019-9937.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2019-9937" +title: "CVE-2019-9937" +description: "Lifecycle of CVE-2019-9937" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2019-9937](https://nvd.nist.gov/vuln/detail/CVE-2019-9937) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL +Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor. + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9937) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2020-35512.md b/docs/docs-content/security-bulletins/reports/cve-2020-35512.md new file mode 100644 index 0000000000..875465fdbe --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2020-35512.md 
@@ -0,0 +1,45 @@ +--- +sidebar_label: "CVE-2020-35512" +title: "CVE-2020-35512" +description: "Lifecycle of CVE-2020-35512" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2020-35512](https://nvd.nist.gov/vuln/detail/CVE-2020-35512) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +A use-after-free flaw was found in D-Bus Development branch \<= 1.13.16, dbus-1.12.x stable branch \<= 1.12.18, and +dbus-1.10.x and older branches \<= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of +policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures +necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[7.8](https://nvd.nist.gov/vuln/detail/CVE-2020-35512) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2020-36325.md b/docs/docs-content/security-bulletins/reports/cve-2020-36325.md new file mode 100644 index 0000000000..3480f6c859 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2020-36325.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2020-36325" +title: "CVE-2020-36325" +description: "Lifecycle of CVE-2020-36325" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2020-36325](https://nvd.nist.gov/vuln/detail/CVE-2020-36325) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds +read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor. + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2020-36325) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-3737.md b/docs/docs-content/security-bulletins/reports/cve-2021-3737.md new file mode 100644 index 0000000000..5a0a4e06eb --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2021-3737.md 
@@ -0,0 +1,44 @@ +--- +sidebar_label: "CVE-2021-3737" +title: "CVE-2021-3737" +description: "Lifecycle of CVE-2021-3737" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2021-3737](https://nvd.nist.gov/vuln/detail/CVE-2021-3737) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote +attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The +highest threat from this vulnerability is to system availability. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2021-3737) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-39537.md b/docs/docs-content/security-bulletins/reports/cve-2021-39537.md new file mode 100644 index 0000000000..961a28627f --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2021-39537.md 
@@ -0,0 +1,42 @@ +--- +sidebar_label: "CVE-2021-39537" +title: "CVE-2021-39537" +description: "Lifecycle of CVE-2021-39537" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2021-39537](https://nvd.nist.gov/vuln/detail/CVE-2021-39537) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +An issue was discovered in ncurses through v6.2-1. \_nc_captoinfo in captoinfo.c has a heap-based buffer overflow. + +## Our Official Summary + +Waiting on a fix from third party mongodb & calico vendors. + +## CVE Severity + +[8.8](https://nvd.nist.gov/vuln/detail/CVE-2021-39537) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-42694.md b/docs/docs-content/security-bulletins/reports/cve-2021-42694.md new file mode 100644 index 0000000000..eeea9e67b8 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2021-42694.md 
@@ -0,0 +1,53 @@ +--- +sidebar_label: "CVE-2021-42694" +title: "CVE-2021-42694" +description: "Lifecycle of CVE-2021-42694" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2021-42694](https://nvd.nist.gov/vuln/detail/CVE-2021-42694) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows +an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical +to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream +software dependencies invoked deceptively in downstream software. NOTE: the Unicode Consortium offers the following +alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect +applications that implement support for The Unicode Standard (all versions). Unless mitigated, an adversary could +produce source code identifiers using homoglyph characters that render visually identical to but are distinct from a +target identifier. In this way, an adversary could inject adversarial identifier definitions in upstream software that +are not detected by human reviewers and are invoked deceptively in downstream software. The Unicode Consortium has +documented this class of security vulnerability in its document, Unicode Technical Report #36, Unicode Security +Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode +Technical Standard #39, Unicode Security Mechanisms. + +## Our Official Summary + +Waiting on a fix from third party mongodb & calico vendors. 
+ +## CVE Severity + +[8.3](https://nvd.nist.gov/vuln/detail/CVE-2021-42694) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-0391.md b/docs/docs-content/security-bulletins/reports/cve-2022-0391.md new file mode 100644 index 0000000000..ad600d6f7c --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2022-0391.md @@ -0,0 +1,45 @@ +--- +sidebar_label: "CVE-2022-0391" +title: "CVE-2022-0391" +description: "Lifecycle of CVE-2022-0391" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2022-0391](https://nvd.nist.gov/vuln/detail/CVE-2022-0391) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource +Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows +characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection +attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0391) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-23990.md b/docs/docs-content/security-bulletins/reports/cve-2022-23990.md new file mode 100644 index 0000000000..2d8f05ccc6 --- /dev/null 
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-23990.md @@ -0,0 +1,42 @@ +--- +sidebar_label: "CVE-2022-23990" +title: "CVE-2022-23990" +description: "Lifecycle of CVE-2022-23990" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-23990) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publications +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41409.md b/docs/docs-content/security-bulletins/reports/cve-2022-41409.md new file mode 100644 index 0000000000..3b4a095f94 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2022-41409.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2022-41409" +title: "CVE-2022-41409" +description: "Lifecycle of CVE-2022-41409" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2022-41409](https://nvd.nist.gov/vuln/detail/CVE-2022-41409) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other +unspecified impacts via negative input. + +## Our Official Summary + +Waiting on a fix from third party mongodb & calico vendors + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41409) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41723.md b/docs/docs-content/security-bulletins/reports/cve-2022-41723.md index 5bb1ac2d3c..0be8d638c2 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2022-41723.md +++ b/docs/docs-content/security-bulletins/reports/cve-2022-41723.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -7/16/2024 +8/16/2024 ## NIST CVE Summary @@ -33,3 +33,13 @@ workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a futur ## Status Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.11 +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 07/16/2024 Initial Publication +- 2.0 08/16/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-4899.md b/docs/docs-content/security-bulletins/reports/cve-2022-4899.md new file mode 100644 index 0000000000..e4a9c85a36 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2022-4899.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2022-4899" +title: "CVE-2022-4899" +description: "Lifecycle of CVE-2022-4899" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2022-4899](https://nvd.nist.gov/vuln/detail/CVE-2022-4899) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line +tool to cause buffer overrun. + +## Our Official Summary + +Waiting on a fix from third party mongodb & calico vendors + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4899) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0464.md b/docs/docs-content/security-bulletins/reports/cve-2023-0464.md index 43c8d7beca..ab52cc9aae 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-0464.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-0464.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -7/16/2024 +8/16/2024 ## NIST CVE Summary @@ -34,3 +34,13 @@ This is a false positive reported by twistlock. We have confirmed this CVE is fi ## Status Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.11 +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 07/16/2024 Initial Publication +- 2.0 08/16/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-26604.md b/docs/docs-content/security-bulletins/reports/cve-2023-26604.md new file mode 100644 index 0000000000..649b623405 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-26604.md 
@@ -0,0 +1,45 @@ +--- +sidebar_label: "CVE-2023-26604" +title: "CVE-2023-26604" +description: "Lifecycle of CVE-2023-26604" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2023-26604](https://nvd.nist.gov/vuln/detail/CVE-2023-26604) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the +system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch +with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to +3.7, 3.8, 3.9 + +## Our Official Summary + +Spectro Cloud Official Summary Coming Soon + +## CVE Severity + +[7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-26604) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-27534.md b/docs/docs-content/security-bulletins/reports/cve-2023-27534.md new file mode 100644 index 0000000000..1d24a3af2a --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-27534.md 
@@ -0,0 +1,45 @@ +--- +sidebar_label: "CVE-2023-27534" +title: "CVE-2023-27534" +description: "Lifecycle of CVE-2023-27534" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2023-27534](https://nvd.nist.gov/vuln/detail/CVE-2023-27534) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +A path traversal vulnerability exists in curl \<8.0.0 SFTP implementation causes the tilde (\~) character to be wrongly +replaced when used as a prefix in the first path element, in addition to its intended use as the first element to +indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute +arbitrary code by crafting a path like /\~2/foo while accessing a server with a specific user. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-27534) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-29499.md b/docs/docs-content/security-bulletins/reports/cve-2023-29499.md new file mode 100644 index 0000000000..b3a547d3ce --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-29499.md 
@@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2023-29499" +title: "CVE-2023-29499" +description: "Lifecycle of CVE-2023-29499" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2023-29499](https://nvd.nist.gov/vuln/detail/CVE-2023-29499) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, +leading to denial of service. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-29499) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-32636.md b/docs/docs-content/security-bulletins/reports/cve-2023-32636.md new file mode 100644 index 0000000000..1004ae03fc --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-32636.md 
@@ -0,0 +1,45 @@ +--- +sidebar_label: "CVE-2023-32636" +title: "CVE-2023-32636" +description: "Lifecycle of CVE-2023-32636" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2023-32636](https://nvd.nist.gov/vuln/detail/CVE-2023-32636) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by +additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does +not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers +to backport the initial fix for CVE-2023-29499. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-32636) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-37920.md b/docs/docs-content/security-bulletins/reports/cve-2023-37920.md new file mode 100644 index 0000000000..af809a17f6 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-37920.md 
@@ -0,0 +1,45 @@ +--- +sidebar_label: "CVE-2023-37920" +title: "CVE-2023-37920" +description: "Lifecycle of CVE-2023-37920" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2023-37920](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while +verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. +e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. +Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. + +## Our Official Summary + +Waiting on a fix from third party mongodb & calico vendors. + +## CVE Severity + +[9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-39325.md b/docs/docs-content/security-bulletins/reports/cve-2023-39325.md index 357725b2a8..ce0088163a 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-39325.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-39325.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -7/16/2024 +8/16/2024 ## NIST CVE Summary @@ -34,3 +34,13 @@ CVE exists in coredns that’s being used in k8s 1.28.11. For customer workload ## Status Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.11 +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 07/16/2024 Initial Publication +- 2.0 08/16/2024 Added palette VerteX 4.4.12 to Affected Products 
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-4156.md b/docs/docs-content/security-bulletins/reports/cve-2023-4156.md new file mode 100644 index 0000000000..02ce5ae46d --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-4156.md @@ -0,0 +1,43 @@ +--- +sidebar_label: "CVE-2023-4156" +title: "CVE-2023-4156" +description: "Lifecycle of CVE-2023-4156" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2023-4156](https://nvd.nist.gov/vuln/detail/CVE-2023-4156) + +## Last Update + +08/16/2024 + +## NIST CVE Summary + +A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be +used to read sensitive information. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor + +## CVE Severity + +[7.1](https://nvd.nist.gov/vuln/detail/CVE-2023-4156) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-44487.md b/docs/docs-content/security-bulletins/reports/cve-2023-44487.md index 88677c5cd3..932ef75d30 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-44487.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-44487.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -7/16/2024 +8/16/2024 ## NIST CVE Summary @@ -32,3 +32,13 @@ The CVE reported in coredns and kube-vip. Govulncheck reports it as non-impactin ## Status Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.11 +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 07/16/2024 Initial Publication +- 2.0 08/16/2024 Added palette VerteX 4.4.12 to Affected Products 
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-45142.md b/docs/docs-content/security-bulletins/reports/cve-2023-45142.md index e59db347a1..467abb3cb6 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-45142.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-45142.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -7/16/2024 +8/16/2024 ## NIST CVE Summary @@ -34,3 +34,13 @@ Self Hosted cluster, a future release will upgrade to 1.29+. ## Status Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.11 +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 07/16/2024 Initial Publication +- 2.0 08/16/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-47108.md b/docs/docs-content/security-bulletins/reports/cve-2023-47108.md index 00e6df3148..cfdffdb13a 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-47108.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-47108.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -7/16/2024 +8/16/2024 ## NIST CVE Summary @@ -34,3 +34,13 @@ workaround. ## Status Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.11 +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 07/16/2024 Initial Publication +- 2.0 08/16/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-21626.md b/docs/docs-content/security-bulletins/reports/cve-2024-21626.md index a5650cb117..91fcd5e316 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-21626.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-21626.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -7/16/2024 +8/16/2024 ## NIST CVE Summary 
@@ -38,3 +38,13 @@ k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrad ## Status Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.11 +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 07/16/2024 Initial Publication +- 2.0 08/16/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-38428.md b/docs/docs-content/security-bulletins/reports/cve-2024-38428.md new file mode 100644 index 0000000000..6e1639e46f --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2024-38428.md @@ -0,0 +1,44 @@ +--- +sidebar_label: "CVE-2024-38428" +title: "CVE-2024-38428" +description: "Lifecycle of CVE-2024-38428" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +## CVE Details + +[CVE-2024-38428](https://nvd.nist.gov/vuln/detail/CVE-2024-38428) + +## Last Update + +8/16/2024 + +## NIST CVE Summary + +Url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be +insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the +host subcomponent. + +## Our Official Summary + +Waiting on a fix from third party mongodb vendor. + +## CVE Severity + +[9.1](https://nvd.nist.gov/vuln/detail/CVE-2024-38428) + +## Status + +Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 08/16/2024 Initial Publication +- 2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md index 2cb07ea44e..476ca2c640 100644 --- a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md +++ b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md 
@@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -10/25/2023 +8/16/24 ## NIST CVE Summary @@ -35,3 +35,13 @@ clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluste ## Status Ongoing + +## Affected Products & Versions + +- Palette VerteX 4.4.11 +- Palette VerteX 4.4.12 + +## Revision History + +- 1.0 07/16/2024 Initial Publication +- 2.0 08/16/2024 Added palette VerteX 4.4.12 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md index 1bb996b261..a0ae5a5ff1 100644 --- a/docs/docs-content/security-bulletins/reports/reports.md +++ b/docs/docs-content/security-bulletins/reports/reports.md 
@@ -32,15 +32,15 @@ Click on the CVE ID to view the full details of the vulnerability. | CVE ID | Initial Pub Date | Modified Date | Impacted Product & Version | Vulnerability Type | CVSS Severity | Status | | ----------------------------------------------- | ---------------- | ------------- | -------------------------- | --------------------------------------- | -------------------------------------------------------- | ------------- | | [CVE-2023-52425](./cve-2023-52425.md) | 02/04/2024 | 06/14/2024 | Palette 4.4.11 | Third-party component: vSphere-CSI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52425) | :mag: Ongoing | -| [CVE-2024-21626](./cve-2024-21626.md) | 1/3/24 | 2/18/24 | Palette 4.4.11 | Third-party component: kube-proxy | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | :mag: Ongoing | -| [CVE-2022-41723](./cve-2022-41723.md) | 2/28/23 | 11/25/23 | Palette 4.4.11 | Third-party component: CoreDNS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | :mag: Ongoing | -| [GHSA-m425-mq94-257g](./ghsa-m425-mq94-257g.md) | 10/25/23 | 10/25/23 | Palette 4.4.11 | Third-party component: CoreDNS | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | :mag: Ongoing | +| [CVE-2024-21626](./cve-2024-21626.md) | 1/3/24 | 2/18/24 | Palette 4.4.11 & 4.4.12 | Third-party component: kube-proxy | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | :mag: Ongoing | +| [CVE-2022-41723](./cve-2022-41723.md) | 2/28/23 | 11/25/23 | Palette 4.4.11 & 4.4.12 | Third-party component: CoreDNS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | :mag: Ongoing | +| [GHSA-m425-mq94-257g](./ghsa-m425-mq94-257g.md) | 10/25/23 | 10/25/23 | Palette 4.4.11 & 4.4.12 | Third-party component: CoreDNS | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | :mag: Ongoing | | [CVE-2022-4450](./cve-2022-4450.md) | 2/8/23 | 2/4/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | :mag: Ongoing | -| 
[CVE-2023-45142](./cve-2023-45142.md) | 10/12/23 | 2/18/24 | Palette 4.4.11 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | :mag: Ongoing | -| [CVE-2023-0464](./cve-2023-0464.md) | 3/22/23 | 6/21/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | :mag: Ongoing | -| [CVE-2023-39325](./cve-2023-39325.md) | 10/11/23 | 4/28/24 | Palette 4.4.11 | Third-party component: Go project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | :mag: Ongoing | +| [CVE-2023-45142](./cve-2023-45142.md) | 10/12/23 | 2/18/24 | Palette 4.4.11 & 4.4.12 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | :mag: Ongoing | +| [CVE-2023-0464](./cve-2023-0464.md) | 3/22/23 | 6/21/24 | Palette 4.4.11 & 4.4.12 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | :mag: Ongoing | +| [CVE-2023-39325](./cve-2023-39325.md) | 10/11/23 | 4/28/24 | Palette 4.4.11 & 4.4.12 | Third-party component: Go project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | :mag: Ongoing | | [CVE-2023-0215](./cve-2023-0215.md) | 2/28/23 | 6/21/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | :mag: Ongoing | -| [CVE-2023-47108](./cve-2023-47108.md) | 11/20/23 | 11/20/23 | Palette 4.4.11 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | :mag: Ongoing | +| [CVE-2023-47108](./cve-2023-47108.md) | 11/20/23 | 11/20/23 | Palette 4.4.11 & 4.4.12 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | :mag: Ongoing | | [CVE-2023-0286](./cve-2023-0286.md) | 2/8/23 | 2/4/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | :mag: Ongoing | | [CVE-2020-1971](./cve-2020-1971.md) | 12/8/20 | 6/21/24 | Palette 
4.4.11 | Third-party component: Ubuntu | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) | :mag: Ongoing | | [CVE-2021-3449](./cve-2021-3449.md) | 3/25/21 | 6/21/24 | Palette 4.4.11 | Third-party component: Ubuntu | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) | :mag: Ongoing | 
@@ -48,10 +48,44 @@ Click on the CVE ID to view the full details of the vulnerability. | [CVE-2022-0778](./cve-2022-0778.md) | 3/15/22 | 6/21/24 | Palette 4.4.11 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) | :mag: Ongoing | | [CVE-2021-45079](./cve-2021-45079.md) | 1/31/22 | 11/6/23 | Palette 4.4.11 | Third-party component: Ubuntu | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) | :mag: Ongoing | | [CVE-2023-5528](./cve-2023-5528.md) | 11/14/23 | 1/19/24 | Palette 4.4.11 | Third-party component: vSphere-CSI | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) | :mag: Ongoing | -| [CVE-2023-44487](./cve-2023-44487.md) | 10/10/23 | 6/27/24 | Palette 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | :mag: Ongoing | +| [CVE-2023-44487](./cve-2023-44487.md) | 10/10/23 | 6/27/24 | Palette 4.4.11 & 4.4.12 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | :mag: Ongoing | | [CVE-2022-25883](./cve-2022-25883.md) | 6/21/23 | 11/6/24 | Palette 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | :mag: Ongoing | | [CVE-2015-8855](./cve-2015-8855.md) | 1/23/17 | 1/26/12 | Palette 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | :mag: Ongoing | -| [CVE-2024-24790](./cve-2024-24790.md) | 8/6/24 | 8/6/24 | Palette 4.4.11 | Third-party component: Go Project | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) | :mag: Ongoing | -| [GHSA-74fp-r6jw-h4mp](./ghsa-74fp-r6jw-h4mp) | 8/6/24 | 8/6/24 | Palette 4.4.11 | Third-party component: GitHub | [7.5](https://github.com/advisories/GHSA-74fp-r6jw-h4mp) | :mag: Ongoing | | [CVE-2024-0743](./cve-2024-0743.md) | 08/09/24 | 08/09/24 | Palette 4.4.11 | Third-party component: TLS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | :mag: Ongoing | +| [CVE-2019-12900](./cve-2019-12900.md) | 08/16/24 | 08/16/24 
| Palette 4.4.12 | Third-party component: BZ2 | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-12900) | :mag: Ongoing | +| [CVE-2023-37920](./cve-2023-37920.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: Certifi | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | :mag: Ongoing | +| [CVE-2019-1010022](./cve-2019-1010022.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: GNU Libc | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-1010022) | :mag: Ongoing | +| [CVE-2016-1585](./cve-2016-1585.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: Ubuntu | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2016-1585) | :mag: Ongoing | +| [CVE-2018-20839](./cve-2018-20839.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20839) | :mag: Ongoing | +| [CVE-2024-38428](./cve-2024-38428.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2024-38428) | :mag: Ongoing | +| [CVE-2021-42694](./cve-2021-42694.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [8.3](https://nvd.nist.gov/vuln/detail/CVE-2021-42694) | :mag: Ongoing | +| [CVE-2021-39537](./cve-2021-39537.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2021-39537) | :mag: Ongoing | +| [CVE-2019-9923](./cve-2019-9923.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9923) | :mag: Ongoing | +| [CVE-2020-36325](./cve-2020-36325.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: Jansson | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2020-36325) | :mag: Ongoing | +| [CVE-2005-2541](./cve-2005-2541.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | :mag: Ongoing | 
+| [CVE-2019-9937](./cve-2019-9937.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9937) | :mag: Ongoing | +| [CVE-2019-9936](./cve-2019-9936.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9936) | :mag: Ongoing | +| [CVE-2019-19244](./cve-2019-19244.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-19244) | :mag: Ongoing | +| [CVE-2016-20013](./cve-2016-20013.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2016-20013) | :mag: Ongoing | +| [CVE-2022-0391](./cve-2022-0391.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0391) | :mag: Ongoing | +| [CVE-2021-3737](./cve-2021-3737.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2021-3737) | :mag: Ongoing | +| [CVE-2019-9674](./cve-2019-9674.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9674) | :mag: Ongoing | +| [CVE-2023-26604](./cve-2023-26604.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: Ubuntu | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-26604) | :mag: Ongoing | +| [CVE-2015-20107](./cve-2015-20107.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.6](https://nvd.nist.gov/vuln/detail/CVE-2015-20107) | :mag: Ongoing | +| [CVE-2017-11164](./cve-2017-11164.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2017-11164) | :mag: Ongoing | +| [CVE-2018-20225](./cve-2018-20225.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | 
[7.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20225) | :mag: Ongoing | +| [CVE-2022-41409](./cve-2022-41409.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41409) | :mag: Ongoing | +| [CVE-2019-17543](./cve-2019-17543.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2019-17543) | :mag: Ongoing | +| [CVE-2022-4899](./cve-2022-4899.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4899) | :mag: Ongoing | +| [CVE-2018-20657](./cve-2018-20657.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20657) | :mag: Ongoing | +| [CVE-2023-27534](./cve-2023-27534.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-27534) | :mag: Ongoing | +| [CVE-2023-32636](./cve-2023-32636.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-32636) | :mag: Ongoing | +| [CVE-2023-29499](./cve-2023-29499.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-29499) | :mag: Ongoing | +| [CVE-2024-24790](./cve-2024-24790.md) | 8/6/24 | 8/6/24 | Palette 4.4.11 | Third-party component: Go Project | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) | :mag: Ongoing | +| [CVE-2023-4156](./cve-2023-4156.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.1](https://nvd.nist.gov/vuln/detail/CVE-2023-4156) | :mag: Ongoing | +| [CVE-2022-23990](./cve-2022-23990.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-23990) | :mag: Ongoing | +| [CVE-2020-35512](./cve-2020-35512.md) | 08/16/24 | 
08/16/24 | Palette 4.4.12 | Third-party component: MongoDB | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2020-35512) | :mag: Ongoing | +| [CVE-2012-2663](./cve-2012-2663.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: iPtables | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2012-2663) | :mag: Ongoing | +| [CVE-2019-9192](./cve-2019-9192.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9192) | :mag: Ongoing | +| [CVE-2018-20796](./cve-2018-20796.md) | 08/16/24 | 08/16/24 | Palette 4.4.12 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) | :mag: Ongoing | | [PRISMA-2022-0227](./prisma-2022-0227.md) | 9/12/23 | 9/12/23 | Palette 4.4.11 | Third-party component: vSphere-CSI | N/A | :mag: Ongoing |
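
Review bot: In the newly added report files (cve-2021-42694.md, cve-2022-0391.md, cve-2023-37920.md, cve-2024-38428.md and the others created in this patch), the Revision History entry "2.0 08/17/2024 Added Palette VerteX 4.4.12 to Affected Products" is dated after the "Last Update" value of 08/16/2024 in the same file, and it describes no change, because each file is created here with Palette VerteX 4.4.12 as its only affected product. Either drop the 2.0 line from the new files or set Last Update to 08/17/2024. The files that are only modified (cve-2022-41723.md, cve-2023-0464.md, cve-2023-39325.md and so on) date the same 2.0 entry 08/16/2024, so the two groups should agree. In ghsa-m425-mq94-257g.md the 1.0 entry says 07/16/2024 although the Last Update being replaced was 10/25/2023; please confirm which date is the initial publication.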
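
Review bot: Date and product formatting is inconsistent across the report files in this patch. "Last Update" appears as 8/16/2024 (cve-2021-42694.md, cve-2023-37920.md, cve-2024-38428.md), as 08/16/2024 (most other new files) and as 8/16/24 in ghsa-m425-mq94-257g.md; pick one form, preferably the zero-padded four-digit-year form already used in Revision History. The 2.0 entries alternate between "Added Palette VerteX" and "Added palette VerteX", and cve-2022-23990.md has "Initial Publications" where every other file has "Initial Publication". The summaries also differ in trailing punctuation ("mongodb vendor" with and without a full stop).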
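
Review bot: The "Our Official Summary" sections in the new files do not give a reader enough to assess exposure. cve-2022-23990.md (Expat), cve-2023-27534.md (curl), cve-2023-4156.md (gawk), cve-2023-29499.md (GLib) and cve-2024-38428.md (Wget) all say only "Waiting on a fix from third party mongodb vendor", without stating how the named package relates to MongoDB or whether the vulnerable code path is used. cve-2023-32636.md needs more than that: the quoted NIST text says the bug "does not affect any released version of glib" and only affects distributors that backported the first CVE-2023-29499 fix, so the summary should state whether the shipped glib carries that backport. cve-2023-26604.md is published with "Spectro Cloud Official Summary Coming Soon" and no component named at all; consider holding that file until the summary exists.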
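
Review bot: The reports.md rows disagree with the report files they link to. The "Impacted Product & Version" column says "Palette 4.4.12" or "Palette 4.4.11 & 4.4.12", while every report file touched in this patch lists "Palette VerteX 4.4.11" and "Palette VerteX 4.4.12"; name the product the same way in both places. The "Vulnerability Type" column also diverges from the summaries: CVE-2021-42694, CVE-2022-41409 and CVE-2022-4899 are tagged MongoDB although their summaries name "mongodb & calico vendors", and CVE-2023-37920 is tagged Certifi although its summary names the same two vendors. Component names need one spelling as well: "iPtables" should match the "iptables" used in the NIST text, and "GNU Libc" (CVE-2019-1010022) and "GNU C Library" (CVE-2019-9192, CVE-2018-20796) should not both appear.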
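
Review bot: The second reports.md hunk (-48,10 +48,44) deletes the GHSA-74fp-r6jw-h4mp row and never adds it back, while the CVE-2024-24790 row deleted next to it is re-added further down between CVE-2023-29499 and CVE-2023-4156. If the GHSA entry is still ongoing for Palette 4.4.11, restore it; if it was resolved or withdrawn, say so in the commit message rather than dropping it silently from the index. Moving CVE-2024-24790 into the middle of the 4.4.12 block also looks accidental, since the new rows otherwise follow no visible order; keeping existing rows in place and appending the new ones would make the diff easier to audit.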
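
Review bot: The date columns in the new reports.md rows do not follow the convention of the existing rows. Every added row carries 08/16/24 in both "Initial Pub Date" and "Modified Date", including CVE-2005-2541 and CVE-2012-2663, whereas existing rows such as CVE-2020-1971 (12/8/20, 6/21/24) carry dates that predate this bulletin and appear to track the CVE record itself. Rows changed to "Palette 4.4.11 & 4.4.12" keep their old Modified Date (for example 2/18/24 for CVE-2024-21626) even though the linked report's Last Update moves to 8/16/2024. Please document what the two columns mean and fill the new and updated rows accordingly.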